diff --git a/.github/scripts/run-codebuild-batch-job.sh b/.github/scripts/run-codebuild-batch-job.sh
index 52d5de63bd2..5cdb5de41d0 100755
--- a/.github/scripts/run-codebuild-batch-job.sh
+++ b/.github/scripts/run-codebuild-batch-job.sh
@@ -8,11 +8,16 @@ error_exit() {
 PROJECT_NAME=$1
 # get the source version to be built (defaults to main branch if not specified)
 SOURCE_VERSION=${2:-main}
+SDK_PR=$3
+SMITHY_PR=$4
+
+export SDK_PR
+export SMITHY_PR
 
 echo "Starting CodeBuild project ${PROJECT_NAME}"
 
-# dump all GITHUB_* environment variables to file and pass to start job
-jq -n 'env | to_entries | [.[] | select(.key | startswith("GITHUB_"))] | [.[] | {name: .key, value:.value, type:"PLAINTEXT"}]' >/tmp/gh_env_vars.json
+# dump all GITHUB_* & *_PR environment variables to file and pass to start job
+jq -n 'env | to_entries | [.[] | select((.key | startswith("GITHUB_")) or (.key | endswith("_PR")))] | [.[] | {name: .key, value:.value, type:"PLAINTEXT"}]' >/tmp/gh_env_vars.json
 
 START_RESULT=$(
   aws codebuild start-build-batch \
diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
index 3e33d81bbd8..b1bee2e63a9 100644
--- a/.github/workflows/codebuild-ci.yml
+++ b/.github/workflows/codebuild-ci.yml
@@ -5,6 +5,24 @@ on:
     branches:
       - main
   workflow_dispatch:
+    inputs:
+      aws-sdk-kotlin-pr:
+        description: aws-sdk-kotlin PR number (optional)
+        type: number
+        required: false
+      smithy-kotlin-pr:
+        description: smithy-kotlin PR number (optional)
+        type: number
+        required: false
+      check-pr:
+        description: I verified that the PRs are not running any malicious code (If running for an external contributor)
+        required: true
+        type: boolean
+        default: false
+
+env:
+  SDK_PR: ${{ inputs.aws-sdk-kotlin-pr }}
+  SMITHY_PR: ${{ inputs.smithy-kotlin-pr }}
 
 permissions:
   id-token: write
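Review bot: `SDK_PR=$3` and `SMITHY_PR=$4` are exported and forwarded to CodeBuild as PLAINTEXT env vars without any check that they look like PR numbers, and the widened jq filter `endswith("_PR")` also sweeps in any unrelated runner variable whose name happens to end in `_PR`. The values arrive from a workflow step that splices them in from user-supplied dispatch inputs, so validating them at this boundary and matching the two keys exactly keeps the forwarded set explicit. The hunk header shows an `error_exit` helper exists but not its contract, so adapt the failure call to it; the rest of the script continues outside the hunk.
```shell
SDK_PR=$3
SMITHY_PR=$4
# accept only "unset" or a plain PR number; anything else is a caller bug
for v in SDK_PR SMITHY_PR; do
  [[ -z "${!v}" || "${!v}" =~ ^[0-9]+$ ]] || error_exit "${v} must be a PR number, got '${!v}'"
done
# … unchanged: exports and "Starting CodeBuild project" echo …
# dump all GITHUB_* variables plus the two PR overrides to file and pass to start job
jq -n 'env | to_entries | [.[] | select((.key | startswith("GITHUB_")) or .key == "SDK_PR" or .key == "SMITHY_PR")] | [.[] | {name: .key, value:.value, type:"PLAINTEXT"}]' >/tmp/gh_env_vars.json
```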
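Review bot: `check-pr` is declared `required: true` together with `default: false`, but a boolean checkbox input is always present, so `required` does not oblige the dispatcher to tick it; the only enforcement is the job-level gate step added later in this commit, and that gate is a self-attestation by whoever already has permission to dispatch the workflow. A short comment above `check-pr` should say so, e.g. `# Honour-system gate: the e2e-tests / service-check-batch jobs fail when a PR number is supplied and this box is left unticked`. It is also worth noting in the same comment that on the non-dispatch trigger `inputs.*` resolve to empty values, so the workflow-level `SDK_PR`/`SMITHY_PR` are empty there and are still forwarded to CodeBuild by the script in this diff.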
@@ -19,6 +37,11 @@ jobs:
   e2e-tests:
     runs-on: ubuntu-latest
     steps:
+      - name: Verify PRs are not running malicious code
+        if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }}
+        run: |
+          echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow
+          exit 1
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -29,6 +52,7 @@ jobs:
         uses: aws-actions/aws-codebuild-run-build@v1
         with:
           project-name: gh-aws-sdk-kotlin-e2e-tests
+          env-vars-for-codebuild: SDK_PR, SMITHY_PR
       - name: Cancel build
         if: ${{ cancelled() }}
         env:
@@ -42,6 +66,11 @@ jobs:
   service-check-batch:
     runs-on: ubuntu-latest
     steps:
+      - name: Verify PRs are not running malicious code
+        if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }}
+        run: |
+          echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow
+          exit 1
       - name: Checkout sources
         uses: actions/checkout@v2
       - name: Configure AWS Credentials
@@ -52,7 +81,9 @@ jobs:
       - name: Run Service Check Batch
         id: svc-check-batch
         run: |
-          .github/scripts/run-codebuild-batch-job.sh gh-aws-sdk-kotlin-svc-check-batch ${{ github.event.pull_request.head.sha }}
+          .github/scripts/run-codebuild-batch-job.sh \
+            gh-aws-sdk-kotlin-svc-check-batch \
+            ${{ github.event.pull_request.head.sha }} ${{ inputs.aws-sdk-kotlin-pr }} ${{ inputs.smithy-kotlin-pr }}
       - name: Cancel build
         if: ${{ cancelled() }}
         env:
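Review bot: The gate condition compares `inputs.aws-sdk-kotlin-pr != ''`, but both PR inputs are declared `type: number`, and nothing in the hunk establishes whether an omitted number input renders as `''` or as an empty/null value in the expression context, so confirm the step actually fires when exactly one PR number is supplied. The same step is repeated verbatim in the `service-check-batch` job (`@@ -42,6 +66,11 @@`); a single gating job that both jobs `needs:` would keep the condition and message in one place. Since `exit 1` only fails the job and the checkbox is a confirmation by the dispatcher rather than an enforced review, the step name should say what it is, e.g. `- name: Confirm external PR code was reviewed before running`.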
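Review bot: The three `${{ … }}` expansions on the last added line are unquoted, so in a run with no `pull_request` payload (the `workflow_dispatch` case this commit enables) `github.event.pull_request.head.sha` expands to nothing and the remaining words shift left: the SDK PR number lands in the script's `$2` (`SOURCE_VERSION`) and the smithy PR in `$3`. The values are already exposed to the job as `SDK_PR`/`SMITHY_PR` through the workflow-level `env:`, so reading them from the environment and quoting every argument avoids both the shift and templating input values straight into the shell line, even though the inputs are typed as numbers: `"${{ github.event.pull_request.head.sha }}" "$SDK_PR" "$SMITHY_PR"`. The positional contract (`$3`/`$4`) is defined in the first file of this diff.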